Home | History | Annotate | Line # | Download | only in dist
sshd_config revision 1.1.1.18 
      1 #	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
      2 
      3 # This is the sshd server system-wide configuration file.  See
      4 # sshd_config(5) for more information.
      5 
      6 # The strategy used for options in the default sshd_config shipped with
      7 # OpenSSH is to specify options with their default value where
      8 # possible, but leave them commented.  Uncommented options override the
      9 # default value.
     10 
     11 #Port 22
     12 #AddressFamily any
     13 #ListenAddress 0.0.0.0
     14 #ListenAddress ::
     15 
     16 #HostKey /etc/ssh/ssh_host_rsa_key
     17 #HostKey /etc/ssh/ssh_host_ecdsa_key
     18 #HostKey /etc/ssh/ssh_host_ed25519_key
     19 
     20 # Ciphers and keying
     21 #RekeyLimit default none
     22 
     23 # Logging
     24 #SyslogFacility AUTH
     25 #LogLevel INFO
     26 
     27 # Authentication:
     28 
     29 #LoginGraceTime 2m
     30 #PermitRootLogin prohibit-password
     31 #StrictModes yes
     32 #MaxAuthTries 6
     33 #MaxSessions 10
     34 
     35 #PubkeyAuthentication yes
     36 
     37 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
     38 # but this is overridden so installations will only check .ssh/authorized_keys
     39 AuthorizedKeysFile	.ssh/authorized_keys
     40 
     41 #AuthorizedPrincipalsFile none
     42 
     43 #AuthorizedKeysCommand none
     44 #AuthorizedKeysCommandUser nobody
     45 
     46 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
     47 #HostbasedAuthentication no
     48 # Change to yes if you don't trust ~/.ssh/known_hosts for
     49 # HostbasedAuthentication
     50 #IgnoreUserKnownHosts no
     51 # Don't read the user's ~/.rhosts and ~/.shosts files
     52 #IgnoreRhosts yes
     53 
     54 # To disable tunneled clear text passwords, change to no here!
     55 #PasswordAuthentication yes
     56 #PermitEmptyPasswords no
     57 
     58 # Change to no to disable s/key passwords
     59 #KbdInteractiveAuthentication yes
     60 
     61 #AllowAgentForwarding yes
     62 #AllowTcpForwarding yes
     63 #GatewayPorts no
     64 #X11Forwarding no
     65 #X11DisplayOffset 10
     66 #X11UseLocalhost yes
     67 #PermitTTY yes
     68 #PrintMotd yes
     69 #PrintLastLog yes
     70 #TCPKeepAlive yes
     71 #PermitUserEnvironment no
     72 #Compression delayed
     73 #ClientAliveInterval 0
     74 #ClientAliveCountMax 3
     75 #UseDNS no
     76 #PidFile /var/run/sshd.pid
     77 #MaxStartups 10:30:100
     78 #PermitTunnel no
     79 #ChrootDirectory none
     80 #VersionAddendum none
     81 
     82 # no default banner path
     83 #Banner none
     84 
     85 # override default of no subsystems
     86 Subsystem	sftp	/usr/libexec/sftp-server
     87 
     88 # Example of overriding settings on a per-user basis
     89 #Match User anoncvs
     90 #	X11Forwarding no
     91 #	AllowTcpForwarding no
     92 #	PermitTTY no
     93 #	ForceCommand cvs server
     94